[
https://issues.apache.org/jira/browse/HADOOP-8518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398929#comment-13398929
]
Rohini Palaniswamy commented on HADOOP-8518:
--------------------------------------------
Not as a fallback, but as a override. What I had done was to get the canonical
name of the host from the URL to connect to and use it to construct the service
principal's host part (HTTP/canonicalhostname). If a specific Configuration
property was set as to what the FQDN of the service principal should be, then
used that instead of constructing the service principal from the url. The
override would help if the service prinicipal was in a different realm than the
default realm too. You can have a separate specif config parameter to specify
the service principal override and use the rule mapping configuration.
> SPNEGO client side should use KerberosName rules
> ------------------------------------------------
>
> Key: HADOOP-8518
> URL: https://issues.apache.org/jira/browse/HADOOP-8518
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 2.0.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 1.1.0, 2.0.1-alpha
>
>
> currently KerberosName is used only on the server side to resolve the client
> name, we should use it on the client side as well to resolve the server name
> before getting the kerberos ticket.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
